From 7c242f3d37c6c4966d2d1b64dbf04c31b18b37c6 Mon Sep 17 00:00:00 2001
From: Endi S. Dewata
Date: Nov 05 2020 16:34:37 +0000
Subject: Add missing pki-acme package
---
diff --git a/0001-Add-workaround-for-missing-capture_output-in-Python-.patch b/0001-Add-workaround-for-missing-capture_output-in-Python-.patch
new file mode 100644
index 0000000..fc10f90
--- /dev/null
+++ b/0001-Add-workaround-for-missing-capture_output-in-Python-.patch
@@ -0,0 +1,35 @@
+From 2633d0f8d369c8a1a4996be9dde3f900814ed374 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Wed, 28 Oct 2020 18:40:52 -0500
+Subject: [PATCH] Add workaround for missing capture_output in Python 3.6
+
+---
+ base/server/python/pki/server/subsystem.py | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
+index 2e72b0b54..34262daf9 100644
+--- a/base/server/python/pki/server/subsystem.py
++++ b/base/server/python/pki/server/subsystem.py
+@@ -1465,11 +1465,17 @@ class PKISubsystem(object):
+
+ logger.debug('Command: %s', ' '.join(cmd))
+
++ # https://stackoverflow.com/questions/53209127/subprocess-unexpected-keyword-argument-capture-output/53209196
++ if capture_output:
++ stdout = subprocess.PIPE
++ else:
++ stdout = None
++
+ try:
+ return subprocess.run(
+ cmd,
+ input=input,
+- capture_output=capture_output,
++ stdout=stdout,
+ check=True)
+
+ except KeyboardInterrupt:
+--
+2.25.4
+
diff --git a/0001-Fix-JSS-initialization-in-pki-server-subsystem-user-.patch b/0001-Fix-JSS-initialization-in-pki-server-subsystem-user-.patch
new file mode 100644
index 0000000..f798c1b
--- /dev/null
+++ b/0001-Fix-JSS-initialization-in-pki-server-subsystem-user-.patch
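Review bot: The workaround maps `capture_output` to `stdout` only, but on Python 3.7+ `capture_output=True` sets both stdout and stderr to `subprocess.PIPE`, so with this patch stderr is no longer captured and a caller that reads `.stderr` from the returned result gets `None`. If the earlier behaviour is wanted, add `stderr = subprocess.PIPE if capture_output else None` next to the stdout assignment and pass `stderr=stderr` to `subprocess.run()`. The context line `logger.debug('Command: %s', ' '.join(cmd))` also writes the full argument list to the debug log; if any caller passes a password or token in `cmd` (not visible here), it ends up in the log file. The enclosing method starts and ends outside the hunk.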
@@ -0,0 +1,49 @@
+From 5d674aef1d37b724213270984062fba79e6a519a Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Thu, 29 Oct 2020 10:36:25 -0500
+Subject: [PATCH] Fix JSS initialization in pki-server
+ -user-cert-add
+
+The pki-server -user-cert-add failed with
+NoSuchProviderException when importing a certificate with
+RSA/PSS algorithm. It turns out the JSS has to be initialized
+before parsing the certificate using X509CertImpl.
+---
+ .../server/cli/SubsystemUserCertAddCLI.java | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/base/server/src/org/dogtagpki/server/cli/SubsystemUserCertAddCLI.java b/base/server/src/org/dogtagpki/server/cli/SubsystemUserCertAddCLI.java
+index 9a58628af..120536add 100644
+--- a/base/server/src/org/dogtagpki/server/cli/SubsystemUserCertAddCLI.java
++++ b/base/server/src/org/dogtagpki/server/cli/SubsystemUserCertAddCLI.java
+@@ -70,6 +70,13 @@ public class SubsystemUserCertAddCLI extends CommandCLI {
+ String filename = cmd.getOptionValue("cert");
+ String format = cmd.getOptionValue("format");
+
++ String catalinaBase = System.getProperty("catalina.base");
++ String serverXml = catalinaBase + "/conf/server.xml";
++
++ TomcatJSS tomcatjss = TomcatJSS.getInstance();
++ tomcatjss.loadTomcatConfig(serverXml);
++ tomcatjss.init();
++
+ byte[] bytes;
+ if (filename == null) {
+ // read from standard input
+@@ -92,13 +99,6 @@ public class SubsystemUserCertAddCLI extends CommandCLI {
+
+ X509CertImpl cert = new X509CertImpl(bytes);
+
+- String catalinaBase = System.getProperty("catalina.base");
+- String serverXml = catalinaBase + "/conf/server.xml";
+-
+- TomcatJSS tomcatjss = TomcatJSS.getInstance();
+- tomcatjss.loadTomcatConfig(serverXml);
+- tomcatjss.init();
+-
+ String subsystem = parent.getParent().getParent().getName();
+ String configDir = catalinaBase + File.separator + subsystem;
+ String configFile = configDir+ File.separator + "conf" + File.separator + CMS.CONFIG_FILE;
+--
+2.25.4
+
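Review bot: The moved block carries no comment saying why it has to run before `new X509CertImpl(bytes)`, so a later cleanup could move it back and reintroduce the NoSuchProviderException described in the commit message; add `// JSS must be initialized before X509CertImpl parses the certificate (needed for RSA/PSS)` above `TomcatJSS.getInstance()`. `System.getProperty("catalina.base")` is also used unchecked: if the property is unset the path becomes `null/conf/server.xml` and the failure surfaces inside `loadTomcatConfig()`, now before any input has been read. A guard such as `if (catalinaBase == null) throw new IllegalStateException("catalina.base is not set");` would fail with a clearer message. The enclosing method starts and ends outside both inner hunks.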
diff --git a/0001-Fix-NPE-in-UGSubsystem.findUsersByKeyword.patch b/0001-Fix-NPE-in-UGSubsystem.findUsersByKeyword.patch new file mode 100644 index 0000000..e91a2b5 --- /dev/null +++ b/0001-Fix-NPE-in-UGSubsystem.findUsersByKeyword.patch @@ -0,0 +1,31 @@ +From 749c2d94f16fa418a8ee211b3d632bd40a23fe9d Mon Sep 17 00:00:00 2001 +From: "Endi S. Dewata" +Date: Wed, 4 Nov 2020 09:08:35 -0600 +Subject: [PATCH] Fix NPE in UGSubsystem.findUsersByKeyword() + +--- + .../src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/base/server/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/src/com/netscape/cmscore/usrgrp/UGSubsystem.java +index bbfbf4663..2080f58a1 100644 +--- a/base/server/src/com/netscape/cmscore/usrgrp/UGSubsystem.java ++++ b/base/server/src/com/netscape/cmscore/usrgrp/UGSubsystem.java +@@ -268,8 +268,12 @@ public class UGSubsystem { + * Searchs for identities that matches the filter. + */ + public Enumeration findUsersByKeyword(String keyword) throws EUsrGrpException { +- keyword = LDAPUtil.escapeFilter(keyword); +- String filter = "(|(uid=*" + keyword + "*)(cn=*" + keyword + "*)(mail=*" + keyword + "*))"; ++ String filter = null; ++ ++ if (keyword != null) { ++ keyword = LDAPUtil.escapeFilter(keyword); ++ filter = "(|(uid=*" + keyword + "*)(cn=*" + keyword + "*)(mail=*" + keyword + "*))"; ++ } + + return findUsers(filter); + } +-- +2.25.4 + diff --git a/pki-core.spec b/pki-core.spec index 221b90a..3bd2e49 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -13,7 +13,7 @@ License: GPLv2 and LGPLv2 # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. Version: 10.10.0 -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +Release: 2%{?_timestamp}%{?_commit_id}%{?dist} #global _phase -beta1 # To create a tarball from a version tag: 
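Review bot: With a null `keyword` the method now calls `findUsers(null)`, and what a null filter returns is not visible in this hunk; if `findUsers()` treats it as "no filter", a missing search parameter silently becomes a listing of every user. The Javadoc above the method should state that contract, for example `@param keyword substring matched against uid, cn and mail; null means no keyword filter is applied`, once the behaviour of `findUsers(null)` is confirmed. Callers that expose this search to remote clients should be checked for whether an unfiltered result is acceptable to them. An empty string already produces `(|(uid=**)(cn=**)(mail=**))`, which matches any entry that has one of those attributes, so null and empty keywords should probably be handled the same way.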
@@ -31,6 +31,10 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch +Patch1: 0001-Add-workaround-for-missing-capture_output-in-Python-.patch +Patch2: 0001-Fix-JSS-initialization-in-pki-server-subsystem-user-.patch +Patch3: 0001-Fix-NPE-in-UGSubsystem.findUsersByKeyword.patch + ################################################################################ # NSS ################################################################################ @@ -102,6 +106,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver %global with_base 1 %global with_server 1 +%global with_acme 1 %global with_ca 1 %global with_kra 1 %global with_ocsp 1 @@ -225,6 +230,11 @@ BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 BuildRequires: jss >= 4.8.0 BuildRequires: tomcatjss >= 7.6.0 + +# JNA is used to bind to libsystemd +%if %{with sdnotify} +BuildRequires: jna +%endif BuildRequires: systemd-units %if 0%{?rhel} @@ -516,7 +526,6 @@ Requires: tomcatjss >= 7.6.0 # JNA is used to bind to libsystemd %if %{with sdnotify} -BuildRequires: jna Requires: jna %endif @@ -1376,6 +1385,12 @@ fi ################################################################################ %changelog +* Thu Nov 05 2020 Dogtag PKI Team - 10.10.0-2 +- Add missing pki-acme package +- Add workaround for missing capture_output in Python 3.6 +- Fix JSS initialization in pki-server -user-cert-add +- Fix NPE in UGSubsystem.findUsersByKeyword() + * Wed Oct 28 2020 Dogtag PKI Team - 10.10.0-1 - Rebase to upstream stable v10.10.0-1 release